macOS Scheduled Scan XML profile will remove DLP key and value from managed preferences


Refer to the MS support article for setting Scheduled Scans for Defender EP on macOS:

"How to schedule scans with Microsoft Defender for Endpoint on macOS - Microsoft Defender for Endpoint | Microsoft Learn"



When implementing the XML via Jamf Pro MDM via a configuration profile targeting, the result removes the Data Loss Prevention key and value from Managed Preferences as set via the JSON schema configuration profile, thus rendering it as disabled. Once the scan settings are removed, DLP is enabled again. This is repeatable.


Deploying an XML, like the one below for Scheduled Scans, will override DLP settings made with another config profile:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<dict>
    <key>features</key>
    <dict>
        <key>scheduledScan</key>
        <string>enabled</string>
    </dict>
    <key>scheduledScan</key>
    <dict>
        <key>ignoreExclusions</key>
        <true/>
        <key>lowPriorityScheduledScan</key>
        <true/>
        <key>dailyConfiguration</key>
        <dict>
            <key>timeOfDay</key>
            <integer>720</integer>
        </dict>
        <key>weeklyConfiguration</key>
        <dict>
            <key>dayOfWeek</key>
            <integer>5</integer>
            <key>timeOfDay</key>
            <integer>840</integer>
            <key>scanType</key>
            <string>full</string>
        </dict>
    </dict>
</dict>
</plist>

This needs reviewing by Microsoft as soon as possible.  
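
An added example, not part of the original post or of Microsoft's documentation: it parses the scheduled-scan payload from the post alongside a constructed DLP payload, lists the nested settings that disappear when one profile supplies the whole `features` dictionary, and builds a single payload carrying both. Assumptions: both profiles target the same preference domain, a shared top-level key is taken wholesale from one profile rather than deep-merged, and the DLP setting lives at `features` > `dataLossPrevention`.

```python
import plistlib

# Scheduled-scan payload from the post, compacted (XML header and DOCTYPE omitted).
SCAN = b"""<plist version="1.0"><dict>
<key>features</key><dict><key>scheduledScan</key><string>enabled</string></dict>
<key>scheduledScan</key><dict>
  <key>ignoreExclusions</key><true/>
  <key>lowPriorityScheduledScan</key><true/>
  <key>dailyConfiguration</key><dict><key>timeOfDay</key><integer>720</integer></dict>
  <key>weeklyConfiguration</key><dict><key>dayOfWeek</key><integer>5</integer>
    <key>timeOfDay</key><integer>840</integer><key>scanType</key><string>full</string></dict>
</dict></dict></plist>"""
# Constructed stand-in for the DLP profile; the key name is an assumption.
DLP = b"""<plist version="1.0"><dict>
<key>features</key><dict><key>dataLossPrevention</key><string>enabled</string></dict>
</dict></plist>"""

def load(payload):
    """Parse an XML plist payload into nested dicts."""
    return plistlib.loads(payload.strip(), fmt=plistlib.FMT_XML)

def leaf_paths(node, prefix=""):
    """Flatten nested dicts into {'a.b.c': value} leaf paths."""
    if not isinstance(node, dict):
        return {prefix: node}
    out = {}
    for key, value in node.items():
        out.update(leaf_paths(value, f"{prefix}.{key}" if prefix else key))
    return out

def shadowed_settings(existing, incoming):
    """Leaves of `existing` lost if `incoming` wins every shared top-level key (no deep merge assumed)."""
    lost = {}
    for top in existing.keys() & incoming.keys():
        kept = leaf_paths(incoming[top], top)
        lost.update({p: v for p, v in leaf_paths(existing[top], top).items() if p not in kept})
    return lost

def merge_profiles(existing, incoming):
    """One payload carrying both: nested dicts merged, `incoming` wins on leaf conflicts."""
    merged = dict(existing)
    for key, value in incoming.items():
        both_dicts = isinstance(value, dict) and isinstance(merged.get(key), dict)
        merged[key] = merge_profiles(merged[key], value) if both_dicts else value
    return merged

if __name__ == "__main__":
    print("lost:", shadowed_settings(load(DLP), load(SCAN)))
    print(plistlib.dumps(merge_profiles(load(DLP), load(SCAN))).decode())
```

Running the same comparison against any pair of profiles before deployment shows which nested settings share a top-level key and would need to travel in one payload.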

